skip to content

Centre for Digital Built Britain

Security-Mindedness for Smart Infrastructure: Challenges and Opportunities

The Centre for Digital Built Britain’s (CDBB) Security-Mindedness for Smart Infrastructure: Challenges and Opportunities event, in association with the Centre for Smart Infrastructure and Construction (CSIC) at the University of Cambridge, brought focus to the challenges and opportunities of security-mindedness in the digital age and featured a number of high-level presentations from leading experts.

Designed for both users and providers of Smart Infrastructure solutions and organisations working in the built environment, the presentations and subsequent workshop considered the implications of effective security, highlighted pressing issues and recommended the range of support available.  

“This is a topic of extreme importance to all of us working in the built environment but it is one that we are only beginning to wake up to,” said Dr Jennifer Schooling, Chair of the Research Strategy Steering Group for CDBB and Director of CSIC. 

Jennifer Schooling“This event provided delegates with the chance to consider security-mindedness from their own organisation’s perspective as well as exchange experiences and concerns with other professionals.”   

The event, held at Downing College, Cambridge, was well attended and attracted representatives from a range of organisations working in the built environment including designers, contractors, engineers, science, manufacturing and research centres, and government agencies.

The morning featured five presentations by a number of security-mindedness experts including: a UK Government security advisor; Graham Herries, Director of Digital Technologies at Laing O’Rourke; Alexandra Luck, Security Project Manager at CDBB andlead technical author of PAS 1192-5 and PAS 185; John Phyall, Head of Quality Assurance and Configuration Management, Capital Projects, Atomic Weapons Establishment (AWE); and Julian Schwarzenbach, Director of Data and Process Advantage.  

Key messages from the presentations included the importance of creating a security-minded culture in an organisation, and for security-mindedness to figure across all levels and departments and not to operate in a silo. Responsibility for security-mindedness falls to each and every person working in an organisation and the culture safeguarding good practice must be visible at the top. Being security-minded also brings additional good practice benefits to an organisation or project.

Graham Herries, Director of Digital Technologies at Laing O’Rourke, said: “In terms of security-mindedness, educating, re-educating and reminding our people is key. It’s everybody’s responsibility.”

Alex LuckThe afternoon workshop, led by Alexandra Luck and Julian Schwarzenbach,gave attendees an opportunity to consider key security themes in relation to their own organisation, and to hear accounts from fellow professionals from a range of organisations – some experienced in tackling these issues and some new to the challenge. 

“The chance to exchange experiences, both good and bad, was of great value to everyone attending this event. It was extremely interesting to look at a shared industry issue from a number of perspectives” said Dee Dee Frawley, Programme Manager for CSIC and facilitator for the event.

Security-Mindedness for Smart Infrastructure: Challenges and Opportunities presentations overview

Security implications of digital engineering and smart infrastructure– UK Government security advisor: this presentation highlighted the range of threats that the UK and its infrastructure face, including from organised crime, espionage and terrorism. It warned of the potential issues arising from widely shared digital engineering data, including BIM, and the presentation demonstrated the need for a security-minded approach to the increasing number of these collaborative initiatives so as to deny ready access to the data to those with malicious intent. The over-arching message was for organisations to identify an internal governance structure to consider protective security in all their self-generated initiatives and those affecting neighbourly assets, to ensure all staff consider security in their personal and professional lives, and for them to contract their supply chain accordingly.

Security Mindedness – everyone’s problem – Graham Herries, Laing O’Rourke: this presentation stated that security-mindedness needs to be mainstream for organisations, in the same way that Health and Safety has become. However, security-mindedness is generally where Health and Safety was many years ago, although Laing O’Rourke is leveraging its Next Gear approach to Health & Safety to also bring security mindedness to the forefront. It is essential to create a resilient environment throughout an organisation. Educating people is key, as is having policies and guidelines in place. Security-mindedness awareness must be ongoing – training once is not adequate. Responsibility for effective security-mindedness falls to each and every person working for an organisation – it is the people who are often the weakest link. One of the biggest threats to an organisation is an employee’s mistake or malicious intent. Laing O’Rourke’s three steps to secure security-mindedness include: creating a resilient environment; educating people; and enabling projects.

Security-minded standards for digital engineering, smart cities and asset management– Alexandra Luck, A Luck Associates: this presentation showed the range of threats that can potentially damage infrastructure and asset management organisations. It acknowledged that the volume of data and information arising through the increasing use of and reliance on digital engineering and technologies is growing. Recognising this data and information as valuable assets and managing them accordingly, including the challenges arising through aggregation, becomes ever more important.  Security should be an enabler not a blocker of innovation, but measures must be appropriate and proportionate – the more critical the asset, the higher the level of trust and security that is likely to be required around both the asset and the data and information associated with it. The key message is that most security breaches arise from human error, so security-mindedness must be embedded in the culture of an organisation from the very beginning, in combination with information management, good governance, physical and technological security.

Managing data from a security perspective – people, behaviours and compliance – Julian Schwarzenbach, Data and Process Advantage Limited: this presentation considered the numerous challenges to managing data. Data is a valuable and fragile asset and should be treated accordingly. Challenges arise from keeping data including activities (for example moving data), which can lead to the introduction of imperfections and degradation over time. There is pressing need to consider the culture and environment of an organisation and ask if it is compliant. The presentation made reference to The Data Zoo paper that explains how user behaviour affects information quality. Behaviours are driven by beliefs and, in order to change behaviours, we need to change the associated beliefs. Good practice must be visible at the top of an organisation to showcase the value of data, that it is managed well and made secure. Security-mindedness is not a separate set of disciplines but is part of everything we do.

  • Security-Mindedness for Smart Infrastructure: Challenges and Opportunities was one in a series of events and workshops organised by the Centre for Digital Built Britain. Details about further events can be found on the CDBB website. 
  • For more information about the Centre for Smart Infrastructure and Construction see

Useful security-mindedness support links

  1. Centre for the Protection of National Infrastructure (CPNI): Digital Built Assets and Environments 

  2. PAS 1192-5:2015 Specification for security-minded building information modelling, digital built environments and smart asset management 

  3. PAS 185:2017 Smart Cities. Specification for establishing and implementing a security-minded approach 

  4. National Cyber Security Centre 

  5. CPNI Passport to Good Security

  6. The Data Zoo: How user behaviours affect information quality by Julian Schwarzenbach

  7. Engineering Council Principles for Security

  8. Blog by event speaker Alex Luck, A Luck Associates, and CDBB Security Lead